It’s been a while since I’ve blogged, and just like other posts in the past, this one is meant as a way to dig into something and for me to catalog my own thoughts for later. While digging into some issues for some of our Istio customers as well as for a chapter in my upcoming book, Istio in Action, ...
Diving Into Istio 1.6 Certificate Rotation
Istio is a powerful service mesh built on Envoy Proxy that solves the problem of connecting services deployed in cloud infrastructure (like Kubernetes) and doing so in a secure, resilient, and observable way. Istio’s control plane can be used to specify declarative policies like those around circuit breaking, traffic routing, authentication/authorization, et al. One important capability that Istio provides is ...
Do I Need an API Gateway if I Use a Service Mesh?
This post may not be able to break through the noise around API Gateways and Service Mesh. However, it’s 2020 and there is still abundant confusion around these topics. I have chosen to write this to bring a real, concrete explanation that helps clarify the differences, the overlap, and when to use which. Feel free to @ me on Twitter (@christianposta) if ...
Istio as an Example of When Not to Do Microservices
I’ve been pretty invested in helping organizations with their cloud-native journeys for the last five years. Modernizing and improving a team’s (and eventually an organization’s) velocity to deliver software-based technology is heavily influenced by its people, process, and eventual technology decisions. A microservices approach may be appropriate when the culmination of an application’s architecture has become a bottleneck (as a ...
Moving the Service-mesh Community Forward
Service mesh is an important set of capabilities that solve some difficult service-to-service communication challenges when operating a services-style architecture. Just as Kubernetes and containers helped to provide a nice set of abstractions to deploying and running workloads on a fleet of computers, so too is service mesh emerging to abstract the network in a way that gives operators and ...
Guidance for Building a Control Plane for Envoy Part 3 – Domain Specific Configuration API
This is part 3 of a series that explores building a control plane for Envoy Proxy. In this blog series, we’ll take a look at the following areas: adopting a mechanism to dynamically update Envoy’s routing, service discovery, and other configuration; identifying what components make up your control plane, including backing stores, service discovery APIs, security components, et al.; establishing any domain-specific ...
Guidance for Building a Control Plane for Envoy Part 2 – Identify Components
This is part 2 of a series that explores building a control plane for Envoy Proxy. In this blog series, we’ll take a look at the following areas: adopting a mechanism to dynamically update Envoy’s routing, service discovery, and other configuration; identifying what components make up your control plane, including backing stores, service discovery APIs, security components, et al. (this entry); establishing ...
Guidance for Building a Control Plane for Envoy – Deployment Tradeoffs
Deploying control plane components: Once you’ve built and designed your control plane, you’ll want to decide exactly how its components get deployed. You have some choices here, from co-locating the control plane with the data plane all the way to centralizing your control plane. There is a middle ground here as well: deploy some components co-located with the control plane and ...
Guidance for Building a Control Plane for Envoy – Build for Pluggability
Envoy is a very powerful piece of software and every day new use cases and new contributions are being proposed to the community. Although the core of Envoy is very stable, it’s built on a pluggable filter architecture so folks can write new codecs for different L7 protocols or add new functionality. At the moment, Envoy filters are written in ...